"Beagle is an incident response and digital forensics tool which transforms data sources and logs into graphs. Supported data sources include FireEye HX Triages, Windows EVTX files, SysMon logs and Raw Windows memory images. The resulting Graphs can be sent to graph databases such as Neo4J or DGraph, or they can be kept locally as Python NetworkX objects. Beagle can be used directly as a Python library, or through a provided Web interface."

Beagle is beautifully documented, among the best I've ever seen; I strongly suggest reading it in its entirety before proceeding here. Our use here will be through the Web interface running from Docker.

Well done, on so many fronts, to Omer Yampel, the project lead. I did reach out to Omer for his insights on Beagle and received a plentiful response. I'm going to limit reprinting that content here and focus almost exclusively on specific use cases. Per Omer, "Even though a lot of the work that I did with Beagle involved transforming the data into graphs, I think what you can do with it is the really cool part. I tried to capture that by showing how quickly you can pivot/investigate through incidents while retaining your context from the previous action (something that's extremely hard to do in Splunk/ELK)."
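To make the "logs into graphs, then pivot while keeping context" idea concrete, here is an added example that is not Beagle's code and does not use Beagle's API. It builds a small typed graph from constructed Sysmon-shaped events (process creation and network connection records, invented for this illustration) and then pivots from a destination address back through the full process lineage that reached it. It uses only the Python standard library in place of NetworkX so it runs anywhere; the node and edge names (`launched`, `connected_to`, `ip:` prefix) are this example's own conventions.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed, Sysmon-shaped sample events (not real telemetry). EventID 1 is
# process creation, EventID 3 is a network connection; field names follow Sysmon.
EVENTS = [
    {"EventID": 1, "ProcessGuid": "{P1}", "Image": r"C:\Program Files\Microsoft Office\winword.exe",
     "ParentProcessGuid": "{P0}", "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "ProcessGuid": "{P2}", "Image": r"C:\Windows\System32\cmd.exe",
     "ParentProcessGuid": "{P1}", "ParentImage": r"C:\Program Files\Microsoft Office\winword.exe"},
    {"EventID": 1, "ProcessGuid": "{P3}", "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentProcessGuid": "{P2}", "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 1, "ProcessGuid": "{P4}", "Image": r"C:\Program Files\Google\Chrome\chrome.exe",
     "ParentProcessGuid": "{P0}", "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 3, "ProcessGuid": "{P3}", "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"EventID": 3, "ProcessGuid": "{P4}", "DestinationIp": "198.51.100.7", "DestinationPort": 443},
]


class IRGraph:
    """Minimal directed graph with typed edges; a stand-in for the NetworkX graph Beagle builds."""

    def __init__(self) -> None:
        self.nodes: Dict[str, dict] = {}
        self.out: Dict[str, List[Tuple[str, str]]] = defaultdict(list)  # src -> [(edge_type, dst)]
        self.inc: Dict[str, List[Tuple[str, str]]] = defaultdict(list)  # dst -> [(edge_type, src)]

    def add_node(self, node_id: str, **attrs) -> None:
        self.nodes.setdefault(node_id, {}).update(attrs)

    def add_edge(self, src: str, edge_type: str, dst: str) -> None:
        self.add_node(src)
        self.add_node(dst)
        if (edge_type, dst) not in self.out[src]:  # keep the graph free of duplicate edges
            self.out[src].append((edge_type, dst))
            self.inc[dst].append((edge_type, src))


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def build_graph(events) -> IRGraph:
    """Transform flat log records into process and network nodes joined by typed edges."""
    g = IRGraph()
    for ev in events:
        if ev["EventID"] == 1:
            g.add_node(ev["ProcessGuid"], kind="process", image=ev["Image"])
            g.add_node(ev["ParentProcessGuid"], kind="process", image=ev["ParentImage"])
            g.add_edge(ev["ParentProcessGuid"], "launched", ev["ProcessGuid"])
        elif ev["EventID"] == 3:
            ip_node = "ip:" + ev["DestinationIp"]
            g.add_node(ip_node, kind="ip", address=ev["DestinationIp"])
            g.add_edge(ev["ProcessGuid"], "connected_to", ip_node)
    return g


def ancestry(g: IRGraph, node_id: str) -> List[str]:
    """Root-first chain of process image names that led to node_id (cycle-guarded)."""
    chain, seen, cur = [], set(), node_id
    while cur is not None and cur not in seen:
        seen.add(cur)
        chain.append(basename(g.nodes[cur]["image"]))
        parents = [src for et, src in g.inc[cur] if et == "launched"]
        cur = parents[0] if parents else None
    return list(reversed(chain))


def descendants(g: IRGraph, node_id: str) -> List[str]:
    """Every process launched, directly or indirectly, by node_id."""
    found, stack = [], [node_id]
    while stack:
        for et, dst in g.out[stack.pop()]:
            if et == "launched" and dst not in found:
                found.append(dst)
                stack.append(dst)
    return found


def trace_connection(g: IRGraph, ip: str) -> List[List[str]]:
    """Pivot from a destination IP back to each process that reached it, keeping full lineage."""
    ip_node = "ip:" + ip
    return [ancestry(g, src) for et, src in g.inc.get(ip_node, []) if et == "connected_to"]


if __name__ == "__main__":
    graph = build_graph(EVENTS)
    for chain in trace_connection(graph, "203.0.113.10"):
        print("203.0.113.10 reached by:", " -> ".join(chain))
    print("children of winword.exe:", descendants(graph, "{P1}"))
```

The pivot from an address to an Office process spawning a shell that spawns PowerShell is exactly the kind of lineage question that takes several joined searches in a flat log store but is one edge walk once the data is a graph; the `ancestry` and `descendants` helpers are the two directions an analyst pivots in without losing the node they started from.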